Your Google account can now be hacked, even if you change your password! In the constantly evolving landscape of cybersecurity, several hackers stand out through their actions, each more sophisticated than the last. This is the case of PRISMA, which recently attracted attention for its discovery of a dangerous vulnerability in Google’s cookie management that allows access to user accounts. Here is a breakdown of how this attack works.
Discovery and use of the security vulnerability
PRISMA is relatively new to the cybercrime scene: the first information about it dates back to October 2023, and specific details about its origin remain unclear. PRISMA’s first known discovery concerns a vulnerability specific to Google accounts.
This developer discovered, in October 2023, a critical zero-day flaw in Google’s information systems. A zero-day attack occurs when a software vulnerability is discovered and exploited by cybercriminals before the software vendor becomes aware of it. Such a vulnerability can be introduced at different phases of the development lifecycle, from specification and design through to validation and integration.
The discovered vulnerability allows attackers to maintain persistence in compromised Google accounts through a non-expiring session cookie, even after users have taken security measures such as resetting their passwords. It was quickly adopted by information-stealing malware (stealers) such as Lumma, Rhadamanthys, RisePro, Medusa and Stealc; others are still in the process of integrating it.
Technical threat analysis
PRISMA’s discovery is based on the creation of a persistent session cookie obtained from a stolen password. Normally, these cookies keep a user’s session active so that the user does not have to log in again repeatedly. By exploiting a zero-day flaw in Google’s cookie management, attackers can maintain access to accounts regardless of the user’s attempts to secure them. This discovery reveals a flaw in the management and security of cookies, an aspect often underestimated in web security systems.
Using this vulnerability exposes users to a high security risk. Attackers can not only manipulate the data and settings of the compromised account, but also steal sensitive information. This technique could also allow attackers to send phishing emails from the compromised account to its contacts.
What lessons can we learn from this?
For now, in the absence of an immediate fix from Google, the cybersecurity community is focusing on awareness and prevention. Strict prevention measures include regularly monitoring active sessions, logging out of suspicious sessions, changing passwords frequently, and using multi-factor authentication. Additionally, businesses should review and strengthen their cookie management and session security policies, while remaining alert to new vulnerabilities and zero-day exploits.
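The prevention advice above comes down to one server-side design decision: a session must not outlive the credentials it was issued under. The following Python is an added illustration, not Google’s code or anything from PRISMA; the names (SessionStore, cookie_survives_password_reset) and the client labels are constructed for the example. With bind_to_credentials=False the store behaves like the weak design the article describes, where a stolen cookie keeps working after a password reset; with the default setting, a password reset rotates a per-user credential generation and every session issued before it fails validation. The same store also backs the other two recommendations: listing a user’s active sessions and logging out one suspicious session.

```python
"""Session store that ties each session to the credential generation in force
when it was issued, so a password reset revokes all earlier sessions.

Added example for this article; hypothetical design, not Google's implementation.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Session:
    user: str
    credential_generation: int  # user's generation counter when the cookie was issued
    issued_at: float
    last_seen: float
    client: str                 # short client description (constructed values below)


class SessionStore:
    """Server-side session store.

    bind_to_credentials=False reproduces the weak behaviour the article describes:
    a stolen cookie keeps working after a password reset. The default (True)
    binds each session to the credential generation current at issue time, so a
    reset invalidates every earlier session in one step.
    """

    MAX_LIFETIME = 30 * 24 * 3600  # absolute cap in seconds: no cookie is valid forever

    def __init__(self, clock: Callable[[], float] = time.time, bind_to_credentials: bool = True):
        self._clock = clock
        self._bind = bind_to_credentials
        self._generation: Dict[str, int] = {}    # user -> current credential generation
        self._sessions: Dict[str, Session] = {}  # cookie token -> session

    def issue(self, user: str, client: str) -> str:
        now = self._clock()
        token = secrets.token_urlsafe(32)  # opaque, unguessable cookie value
        self._sessions[token] = Session(user, self._generation.get(user, 0), now, now, client)
        return token

    def _is_valid(self, s: Session) -> bool:
        if self._clock() - s.issued_at > self.MAX_LIFETIME:
            return False
        if self._bind and s.credential_generation != self._generation.get(s.user, 0):
            return False
        return True

    def validate(self, token: str) -> Optional[str]:
        """Return the user for a live session; drop the session and return None if it is dead."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if not self._is_valid(s):
            del self._sessions[token]
            return None
        s.last_seen = self._clock()
        return s.user

    def reset_password(self, user: str) -> None:
        """Rotate the credential generation; sessions minted earlier now fail validate()."""
        self._generation[user] = self._generation.get(user, 0) + 1

    def active_sessions(self, user: str) -> List[Session]:
        """What a 'review your active sessions' page would show this user."""
        return [s for s in self._sessions.values() if s.user == user and self._is_valid(s)]

    def revoke(self, token: str) -> None:
        """Log out one specific (for instance suspicious) session."""
        self._sessions.pop(token, None)


def cookie_survives_password_reset(bind_to_credentials: bool) -> bool:
    """Scenario from the article: a cookie is stolen, then the victim resets the password."""
    clock = [1_700_000_000.0]  # constructed, controllable clock
    store = SessionStore(clock=lambda: clock[0], bind_to_credentials=bind_to_credentials)
    stolen = store.issue("alice", "Chrome on 203.0.113.7")  # constructed: cookie later replayed by an attacker
    store.issue("alice", "Firefox on 198.51.100.2")          # constructed: the victim's own session
    clock[0] += 3600
    store.reset_password("alice")
    return store.validate(stolen) is not None


if __name__ == "__main__":
    print("weak store, stolen cookie valid after reset:    ", cookie_survives_password_reset(False))
    print("hardened store, stolen cookie valid after reset:", cookie_survives_password_reset(True))
```

The generation counter is deliberately cheap: it adds one integer per user rather than a list of revoked tokens, and it also covers cookies the server never saw being stolen, which a per-token blocklist cannot.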
PRISMA’s ability to exploit a critical flaw in Google’s cookie management highlights a major problem in the security of Google accounts, a platform widely used around the world. This situation underlines the importance of vigilance and proactive security, both for individual users and for large technology companies.
The need to protect Google accounts, which are often linked to a multitude of services and personal data, is therefore pressing. This flaw not only exposes users’ personal information, but also threatens the integrity and confidentiality of their online communications and transactions. This is why responding to such threats requires a multi-faceted approach, combining enhanced security measures with continued awareness.